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DETAILED ACTION 

1 . Claims 1 -45 are pending in this application and presented for examination. 

Claim Objections 

2. Claims 4, 7, 10, 13, 16, 20, 42 and 43 are objected to for the following informalities: 

3. In claims 4, 10, 16, 20, and 43, "the modification detection technique" (hne 1) lacks 
antecedent basis. In order to further prosecution, the examiner interpreted each instance as "a 
modification technique." 

4. In claims 7 and 13, "the device" (line 2) lacks antecedent basis. In order to further 

prosecution, the examiner interpreted each instance as "a device." 

5. In claim 42, "compromising" (line 1) appears to be a typographical error. In order to 
further prosecution, the examiner interpreted the word as "comprising." Examiner notes also 
that a "modification and authentication technique" is included in this claim, whereas similar 
claims have included a "modification detection and authentication technique." 

6. Appropriate correction is required. 

Claim Rejections - 35 USC §103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 
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8. Claims 1-45 are rejected under 35 U.S.C. 103(a) as being obvious over Drews, U.S. 
Patent No. 6,477,645 Bl, (hereinafter "Drews") in view of Bari et al., U.S. Patent Publication 
No. 2002/0023059 Al, (hereinafter "Bari"). 

9. Regarding claim 1: Drews discloses a method (col. 6 lines 15-16) for providing an 
appUcation credential to an application running on a device (col. 2 lines 9-12), wherein the 
application credential is used by the application to authenticate to a data server (col. 3 lines 34- 
40 and col. 4 lines 30-36), the method comprising: 

receiving a request to generate the application credential, wherein the request includes an 
application identifier (col. 3 line 15-19, transformation value generator, hash fiinction, accepts 
(receives) input (request for application credential), a variable length amount of digital data 
(application identifier)); and 

generating the application credential using the application identifier (col. 3 lines 15-33, 
transformation value generator, uses a variable length amount of digital data (application 
identifier) to create a transformation value (application credential) via hashing (generating). 

Drews does not disclose a master credential. 

Bari discloses a master credential ([0036] lines 10-23). 

Therefore it would have been obvious to one skilled in the art at the time of the invention 
to modify Drews by the master credential taught by Bari for the benefit of identifying a particular 
user/device for authentication {see Bari, ([0036] lines 2-5)). 
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10. Regarding claim 7: Drews discloses an apparatus (col. 2 lines 9-22) that operates to 
provide an application credential to an application running on a device (col. 2 lines 9-12), 
wherein the application credential is used by the application to authenticate to a data server (col. 
3 lines 34-40 and col. 4 lines 30-36), the apparatus comprising: 

receiving logic that operates to receive a request for the application credential, wherein 
the request includes an application identifier (col. 3 line 15-19, transformation value generator, 
hash function, accepts (receiving logic) input (request for application credential), a variable 
length amount of digital data (application identifier)); and 

generating logic that operates to generate the application credential using the application 
identifier (col. 3 lines 15-33, transformation value generator, uses a variable length amount of 
digital data (application identifier) to create a transformation value (application credential) via 
hashing (generating logic)). 

Drews does not disclose a master credential. 

Bari discloses a master credential ([0036] lines 10-23). 

Therefore it would have been obvious to one skilled in the art at the time of the invention 
to combine the teachings of Drews with the master credential taught by Bari for the benefit of 
identifying a particular user/device for authentication {see Bari, ([0036] lines 2-5)). 

11. Regarding claim 13; Drews discloses an apparatus (col. 2 lines 9-22) that operates to 
provide an application credential to an application running on a device (col. 2 lines 9-12), 
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wherein the appUcation credential is used by the apphcation to authenticate to a data server (col. 
3 lines 34-40 and col 4 lines 30-36), the apparatus comprising: 

means for receiving a request for the application credential, wherein the request includes 
an application identifier (col. 3 line 15-19, transformation value generator, hash function, accepts 
(means for receiving) input (request for application credential), a variable length amount of 
digital data (application identifier)); and 

means for generating the application credential using the application identifier and a 
master credential (col. 3 lines 15-33, transformation value generator, uses a variable length 
amount of digital data (application identifier) to create a transformation value (application 
credential) via hashing (means for generating). 

Drews does not disclose a master credential. 

Bari discloses a master credential ([0036] lines 10-23). 

Therefore it would have been obvious to one skilled in the art at the time of the invention 
to modify Drews by the master credential taught by Bari for the benefit of identifying a particular 
user/device for authentication {see Bari, ([0036] lines 2-5)). 

12. Regarding claim 18: Drews discloses a computer-readable media (col. 7 line 2) 
comprising instructions, which when executed by a processor in a device, provide an application 
credential to an application running on a device (col. 2 lines 9-12), wherein the application 
credential is used by the application to authenticate to a data server (col. 3 lines 34-40 and col. 4 
lines 30-36), the computer readable media comprising: 
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instructions for receiving a request for the application credential, wherein the request 
includes an apphcation identifier (col. 3 line 15-19, transformation value generator, hash 
function, accepts (receives) input (request for application credential), a variable length amount of 
digital data (application identifier)); and 

instructions for generating the application credential using the application identifier and a 
master credential means for generaiting the application credential using the application identifier 
and a master credential (col. 3 lines 15-33, transformation value generator, uses a variable length 
amount of digital data (application identifier) to create a transformation value (application 
credential) via hashing (generating). 

Drews does not disclose a master credential. 

Bari discloses a master credential ([0036] lines 10-23). 

Therefore it would have been obvious to one skilled in the art at the time of the invention 
to modify Drews by the master credential taught by Bari for the benefit of identifying a particular 
user/device for authentication {see Bari, ([0036] lines 2-5)). 

13. Regarding claim 24: Drews discloses a method for operating a credential server (col. 6 
lines 15-16) to authenticate an application running on a device, wherein the application transmits 
a request for data to a data server and the request comprises an application credential, the method 
comprising: 

receiving an application identifier in a request for a server credential (col. 3 lines 57-65, 
authorizing entity, an IT management organization or some other entity (credential server), 
generates and supplies (upon request) transformation values (server credentials) performing the 
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same transfomiation as the transfomiation value generator, and col. 3 line 15-19, transformation 
value generator, hash fimction, accepts (receives) input (request for server credential), a variable 
length amount of digital data (application identifier)); 

generating the server credential using the application identifier (col. 3 lines 57-65, 
authorizing entity, an IT management organization or some other entity (credential server), 
generates and supplies (upon request) transformation values (server credentials) performing the 
same transformation as the transformation value generator, and col. 3 lines 15-33, transformation 
value generator, uses a variable length amount of digital data (application identifier) to create a 
transformation value (application credential) via hashing (generating)); and 

transmitting the server credential to the data server (col. 2 lines 9-32), wherein if the 
server credential and the application credential match, the application is authenticated (col. 4 
lines 9-36, authorizing entity supplies (transmits) transformation value (server credential) to 
user/agent that submits (transmits) the transformation value (server credential) to the comparison 
system of user platform (data server), and comparison system compares the received 
transformation value (server credential) with the output of the transformation value generator 
(authentication credential)). 

Drews does not disclose a master credential. 

Bari discloses a master credential ([0036] lines 10-23). 

Therefore it would have been obvious to one skilled in the art at the time of the invention 
to modify Drews by the master credential taught by Bari for the benefit of identifying a particular 
user/device for authentication {see Bari, ([0036] lines 2-5)). 
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14. Regarding claim 28: Drews discloses an apparatus (col. 2 lines 9-22) for use with a 
credential server to authenticate an application running on a device, wherein the application 
transmits a request for data to a data server (col. 2 lines 34-42) and the request comprises an 
application credential (col. 3 line 24), the apparatus comprising: 

first receiving logic that operates to receive an application identifier in a request for a 
server credential (col. 3 lines 57-65, authorizing entity, an IT management organization or some 
other entity, generates and supplies (upon request) transformation values (server credentials) 
performing the same transformation as the transformation value generator, and col. 3 line 15-19, 
transformation value generator, hash function, accepts (receiving logic) input (request for server 
credential), a variable length amount of digital data (application identifier)); 

generating logic that operates to generate the server credential based on the application 
identifier (col. 3 lines 57-65, authorizing entity, an FT management organization or some other 
entity (credential server), generates and supplies (upon request) transformation values (server 
credentials) performing the same transformation as the transformation value generator, and col. 3 
lines 15-33, transformation value generator, uses a variable length amount of digital data 
(application identifier) to create a transformation value (application credential) via hashing 
(generating logic)); and 

transmitting logic that operates to transmit the server credential to the data server (col. 2 
lines 9-32), wherein the data server matches the server credential to the application credential to 
authenticate the application (col. 4 lines 9-36, authorizing entity supplies (transmitting logic) 
transformation value (server credential) to user/agent that submits (transmitting logic) the 
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transformation value (server credential) to the comparison system of user platform (data server), 
and comparison system compares the received transformation value (server credential) with the 
output of the transformation value generator (authentication credential)). 

Drews does not disclose a master credential. 

Bari discloses a master credential ([0036] lines 10-23). 

Therefore it would have been obvious to one skilled in the art at the time of the invention 
to modify Drews by the master credential taught by Ban for the benefit of identifying a particular 
user/device for authentication (see Ban, ([0036] lines 2-5)). 

15. Regarding claim 32: Drews discloses an apparatus (col. 2 lines 9-22) for use with a 
credential server to authenticate an application running on a device, wherein the application 
transmits a request for data to a data server and the request comprises an application credential, 
the apparatus comprising: 

means for receiving an application identifier in a request for a server credential (coL 3 
lines 57-65, authorizing entity, an IT management organization or some other entity (credential 
server), generates and supplies (upon request) transformation values (server credentials) 
performing the same transformation as the transformation value generator, and col. 3 line 15-19, 
transformation value generator, hash function, accepts (means for receiving) input (request for 
server credential), a variable length amount of digital data (application identifier)); 

means for generating the server credential based on the application identifier (col. 3 lines 
57-65, authorizing entity, an IT management organization or some other entity (credential 
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server), generates and supplies (upon request) transformation values (server credentials) 
performing the same transformation as the transformation value generator, and col. 3 lines 15-33, 
transformation value generator, uses a variable length amount of digital data (application 
identifier) to create, a transformation value (application credential) via hashing (means for 
generating)); and 

means for transmitting the server credential to the data server (col. 2 lines 9-32), wherein 
the data server matches the server credential to the application credential to authenticate the 
appUcation (col. 4 lines 9-36, authorizing entity supplies (means for transmitting) transformation 
value (server credential) to user/agent that submits (means for transmitting) the transformation 
value (server credential) to the comparison system of user platform (data server), and comparison 
system compares the received transformation value (server credential) with the output of the 
transformation value generator (authentication credential)). 

Drews does not disclose a master credential. 

Bari discloses a master credential ([0036] lines 10-23). 

Therefore it would have been obvious to one skilled in the art at the time of the invention 
to modify Drews by the master credential taught by Bari for the benefit of identifying a particular 
user/device for authentication {see Bari, ([0036] lines 2-5)). 

16. Regarding claim 36: Drews discloses a computer-readable media (col. 7 line 2) 
comprising instructions, which when executed by a processor in a credential server, operate to 
authenticate an application running on a device, wherein the application transmits a request for 
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data to a data server and the request comprises an application credential, the computer-readable 
media comprising: 

instructions for receiving the application identifier in a request for a server credential 
(col. 3 lines 57-65, authorizing entity, an IT management organization or some other entity 
(credential server), generates and supplies (upon request) transformation values (server 
credentials) performing the same transformation as the transformation value generator, and coL 3 
line 15-19, transformation value generator, hash function, accepts (receives) input (request for 
server credential), a variable length amount of digital data (application identifier)); 

instructions for generating the server credential based on the application identifier (col. 3 
lines 57-65, authorizing entity, an IT management organization or some other entity (credential 
server), generates and supplies (upon request) transformation values (server credentials) 
performing the same transformation as the transformation value generator, and col. 3 lines 15-33, 
transformation value generator, uses a variable length amount of digital data (application 
identifier) to create a transformation value (application credential) via hashing (generating)); and 

instructions for transmitting the server credential to the data server (col. 2 lines 9-32), 
wherein the data server matches the server credential to the application credential to authenticate 
the application (col. 4 lines 9-36, authorizing entity supplies (transmits) transformation value 
(server credential) to user/agent that submits (transmits) the transformation value (server 
credential) to the comparison system of user platform (data server), and comparison system 
compares the received transformation value (server credential) with the output of the 
transfomiation value generator (authentication credential)). 
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Drews does not disclose a master credential. 

Bari discloses a master credential ([0036] lines 10-23). 

Therefore it would have been obvious to one skilled in the art at the time of the invention 
to modify Drews by the master credential taught by Bari for the benefit of identifying a particular 
user/device for authentication {see Bari, ([0036] lines 2-5)). 

17. Regarding claim 40: Drews discloses a method (col. 6 lines 15-16) for processing an 
application credential associated with an application running on a device, wherein the application 
credential is used by the appUcation to authenticate to a data server, the method comprising: 

receiving a request to generate the application credential, wherein the request includes an 
application identifier (col. 3 line 15-19, transformation value generator, hash function, accepts 
(receives) input (request for application credential), a variable length amount of digital data 
(application identifier)); and 

generating the application credential using the application identifier (col. 3 lines 15-33, 
transformation value generator, uses a variable length amoimt of digital data (application 
identifier) to create a transformation value (application credential) via hashing (generating). 

transmitting a request for data to a data server (col. 2 lines 9-22), wherein the request 
comprises the application credential (col. 6 lines 15-44, authorizing entity identifies newly 
installed workstation requiring installation of a boot image (request for data), and transformation 
value (application credential) is necessary to obtain data). 
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(col. 3 lines 57-65, authorizing entity, an IT management organization or some other 
entity (credential server), generates and supplies (upon request) transformation values (server 
credentials) performing the same transformation as the transformation value generator 

requesting a server credential from a credential server, wherein the request for the server 
credential comprises the application identifier (coL 3 line 16) and a token (col. 2 line 44) by 
which the data server authenticates itself (col. 3 lines 57-65, authorizing entity, an IT 
management organization or some other entity (credential server), generates and supplies (upon 
request) transformation values (server credentials) performing the same transformation as the 
transformation value generator, and col. 3 line 15-19, transformation value generator, hash 
function, accepts (receives) input (request for server credential), a variable length amount of 
digital data (application identifier)); 

generating the server credential using the apphcation identifier (col. 3 lines 57-65, 
authorizing entity, an IT management organization or some other entity (credential server), 
generates and supplies (upon request) transformation values (server credentials) performing the 
same transformation as the transformation value generator, and col. 3 lines 15-33, transformation 
value generator, uses a variable length amount of digital data (application identifier) to create a 
transformation value (application credential) via hashing (generating)); and 

transmitting the server credential to the data server (col. 2 lines 9-32), 

matching the server credential with the application credential, wherein the application is 
authenticated if the two credentials match (col. 4 lines 9-36, authorizing entity supplies 
(transmits) transformation value (server credential) to user/agent that submits (transmits) the 
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transformation value (server credential) to the comparison system of user platform (data server), 
and comparison system compares the received transformation value (server credential) with the 
output of the transformation value generator (authentication credential)); and 
transmitting the data to the appUcation (col. 6 lines 22-32). 

Drews does not disclose a master credential. 

Bari discloses a master credential ([0036] lines 10-23). 

Therefore it would have been obvious to one skilled in the art at the time of the invention 
to modify Drews by the master credential taught by Bari for the benefit of identifying a particular 
user/device for authentication {see Bari, ([0036] lines 2-5)). 

18. Regarding claims 2, 8, 14, 22, and 41: Drews discloses a one-way generation technique, 
so that the appUcation identifier and the master credential can not be discovered from the 
appHcation credential (col, 3 lines 15-33). 



19. Regarding claims 3, 9, 15, 19, and (42): Drews discloses using a modification detection 
and authentication technique (col. 3 lines 49-65) to determine if the appUcation or the appUcation 
identifier has been modified (col. 3 lines 24-40) and prove the application is associated with the 
application identifier (col. 3 lines 24-40). 
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20. Regarding claims 4, 10, 16, and 20: Drews discloses the modification detection 
technique (col. 3 lines 49-65) is generated by a server that is distinct from a provider of the 
application (col. 3 lines 54-56). 

21. Regarding claims 5, 11, 17, 21, and 43: Drews discloses the modification detection 
technique is a digital signature (coL 2 lines 42-52). 

22. Regarding claims 6, 12, 23, and 45: Drews discloses the device is a wireless device (col. 

2 lines 53-65). 

23. Regarding claims 25, 29, 33, 37, and 44: Drews discloses receiving an authentication 
token (col. 2 line 44) that proves the request is associated with the application identifier (col. 2 
lines 42-52). 

24. Regarding claims 26, 31, 35, and 39: Drews discloses receiving the application 
credential (col. 3 lines 34-40); matching the application credential and the server credential (col. 

3 lines 34-40); and transmitting an authorization to the data server to fulfill the data request if the 
application credential matches the server credential (col. 6 lines 15-54). 

25. Regarding claims 27, 30, 34, and 38: Drews discloses generating the server credential 
(col. 3 lines 63-65) using a one-way generation technique, so that the application identifier and 
the master credential cannot be discovered from the server credential (col. 3 lines 15-33). 
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Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure 
is: 

• Thomlinson et al., U.S. Patent No. 6,272,631 Bl, regarding protected storage of data. 

• Donley et al., U.S. Patent Publication No. 2004/01 80646 Al , regarding wireless 
authentication. 

• Eggebraaten et al., U.S. Patent No. 7,146,635 B2, regarding authentication and 
authorization to access resources. 

• Abgrall et al, U.S. Patent Publication No. 2003/0037237 Al, regarding computer device 
authentication. 

• Khanna et al., U.S. Patent Publication No. 2005/0071677 Al, regarding a method to 
authenticate. 

Please direct any inquiry concerning this communication or earlier communications from 
the examiner to Bea Koempel-Thomas whose telephone number is 571-270-1252. The examiner 
can normally be reached on Monday - Thursday & alternate Fridays; 0730 - 1700. 

If attempts to reach the examiner by telephone are unsuccessful, please contact the 
examiner's supervisor, Nabil El-Hady, on 571-272-3963. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




